Skip to main content
Springer Nature Link
Log in

DroidTest: Testing Android Applications for Leakage of Private Information

  • Conference paper
  • First Online:
Information Security

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7807))

Abstract

Smartphones have become a basic necessity in recent years, and a large portion of users are using them for storing private data such as personal contacts and performing sensitive operations such as financial transactions. As a result, there is a high incentive for attackers to compromise these devices. Researchers have also found that there are indeed many malicious applications on official or unofficial Android markets, and a large fraction of them steal private user data once they are installed on smartphones. In this paper, we propose a novel method to test Android applications for the leakage of private data. Our method reuses existing test cases, produced either manually or automatically, and converts each of them into a set of new correlated test cases. The property of these correlated test cases is such that- they will trigger the same result in our system if there is no leakage of private data. As a result, the leakage of information can be detected if we observe different outputs from executions under correlated inputs. We have evaluated our system on an Android malware dataset and the top 50 free applications on official Android market. The result shows that our tool can effectively and efficiently detect leakage of private data.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Analysis of appverification tool from google. http://www.csc.ncsu.edu/faculty/jiang/appverify/

  2. Contagio mobile malware mini dump. http://contagiominidump.blogspot.com/

  3. Junit. http://junit.sourceforge.net/

  4. Malware data set. http://www.malgenomeproject.org/policy.html

  5. Official android marketplace: Google play. https://play.google.com/

  6. Robotium. http://code.google.com/p/robotium/

  7. Survey on smartphone users. http://www.engadget.com/2012/05/07/nielsen-smartphone-share-march-2012/

  8. Beresford, A., Rice, A., Skehin, N., Sohan, R.: Mockdroid: trading privacy for application functionality on smartphones. In: Proceedings of the 12th Workshop on Mobile Computing Systems and Applications, pp. 49–54. ACM (2011)

    Google Scholar 

  9. Egele, M., Kruegel, C., Kirda, E., Vigna, G.: Pios: detecting privacy leaks in ios applications. In: Proceedings of the Network and Distributed System Security Symposium (2011)

    Google Scholar 

  10. Enck, W., Gilbert, P., Chun, B., Cox, L., Jung, J., McDaniel, P., Sheth, A.: Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In: Proceedings of the 9th USENIX Conference on Operating Systems Design and Implementation, pp. 1–6 (2010)

    Google Scholar 

  11. Felt, A., Chin, E., Hanna, S., Song, D., Wagner, D.: Android permissions demystified. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, pp. 627–638. ACM (2011)

    Google Scholar 

  12. Felt, A., Finifter, M., Chin, E., Hanna, S., Wagner, D.: A survey of mobile malware in the wild. In: Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, pp. 3–14. ACM (2011)

    Google Scholar 

  13. Felt, A., Ha, E., Egelman, S., Haney, A., Chin, E., Wagner, D.: Android permissions: user attention, comprehension, and behavior. In: Proceedings of the Eighth Symposium on Usable Privacy and Security, p. 3. ACM (2012)

    Google Scholar 

  14. Felt, A.P., Greenwood, K., Wagner, D.: The effectiveness of application permissions. In: Procedings of the USENIX Conference on Web Application Development (2011)

    Google Scholar 

  15. Fuchs, A., Chaudhuri, A., Foster, J.: Scandroid: automated security certification of android applications. Manuscript, Univ. of Maryland (2009). http://www.cs.umd.edu/~avik/projects/scandroidascaa

  16. Gibler, C., Crussell, J., Erickson, J., Chen, H.: AndroidLeaks: automatically detecting potential privacy leaks in android applications on a large scale. In: Katzenbeisser, S., Weippl, E., Camp, L.J., Volkamer, M., Reiter, M., Zhang, X. (eds.) Trust 2012. LNCS, vol. 7344, pp. 291–307. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  17. Godefroid, P., Klarlund, N., Sen, K.: Dart: directed automated random testing. In: ACM Sigplan Notices, vol. 40, pp. 213–223. ACM (2005)

    Google Scholar 

  18. Hornyack, P., Han, S., Jung, J., Schechter, S., Wetherall, D.: These aren’t the droids you’re looking for: retrofitting android to protect data from imperious applications. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, pp. 639–652. ACM (2011)

    Google Scholar 

  19. Hu, C., Neamtiu, I.: Automating gui testing for android applications. In: Proceedings of the 6th International Workshop on Automation of Software Test, pp. 77–83. ACM (2011)

    Google Scholar 

  20. Kim, J., Yoon, Y., Yi, K., Shin, J., Center, S.: Scandal: static analyzer for detecting privacy leaks in android applications. In Proc. of the MoST (2012)

    Google Scholar 

  21. K. Sen, D. Marinov, G. Agha.: CUTE: a concolic unit testing engine for C. In: Proceedings of the 10th European Software Engineering Conference Held Jointly with 13th ACM SIGSOFT International Symposium on Foundations of Software Engineering, vol. 30, pp. 263-272 (2005)

    Google Scholar 

  22. Zhou, Y., Jiang, X.: Dissecting android malware: characterization and evolution. In: 2012 IEEE Symposium on Security and Privacy (SP), pp. 95–109. IEEE (2012)

    Google Scholar 

  23. Zhou, Y., Zhang, X., Jiang, X., Freeh, V.W.: Taming information-stealing smartphone applications (on Android). In: McCune, J.M., Balacheff, B., Perrig, A., Sadeghi, A.-R., Sasse, A., Beres, Y. (eds.) Trust 2011. LNCS, vol. 6740, pp. 93–107. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

Download references

Acknowledgments

The authors would like to thank Professor Xuxian Jiang and his research group from North Carolina State University for sharing us with the android malware data set.

Author information

Authors and Affiliations

  1. Department of Computer Science and Engineering, University of Texas at Arlington, Arlington, 76019, USA

    Sarker T. Ahmed Rumee & Donggang Liu

Authors
  1. Sarker T. Ahmed Rumee
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Donggang Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Sarker T. Ahmed Rumee .

Editor information

Editors and Affiliations

  1. University of Texas at Dallas, Richardson, Texas, USA

    Yvo Desmedt

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Ahmed Rumee, S.T., Liu, D. (2015). DroidTest: Testing Android Applications for Leakage of Private Information. In: Desmedt, Y. (eds) Information Security. Lecture Notes in Computer Science(), vol 7807. Springer, Cham. https://doi.org/10.1007/978-3-319-27659-5_24

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-27659-5_24

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-27658-8

  • Online ISBN: 978-3-319-27659-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation